CVE-2012-4927 | SynScan

Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2012-4927

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

Published: Sep 15, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4927
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
limesurvey / limesurvey	1.80+	1.80+.x
limesurvey / limesurvey	1.70	1.70.x
limesurvey / limesurvey	1.52	1.52.x
limesurvey / limesurvey	1.49-rc2	1.49-rc2.x
limesurvey / limesurvey	1.81+	1.81+.x
limesurvey / limesurvey	1.81	1.81.x
limesurvey / limesurvey	1.80-rc4	1.80-rc4.x
limesurvey / limesurvey	-	1.90\+.x
limesurvey / limesurvey	1.49_rc2	1.49_rc2.x
limesurvey / limesurvey	-	-
limesurvey / limesurvey	1.5.2	1.5.2.x
limesurvey / limesurvey	1.49	1.49.x
limesurvey / limesurvey	1.80	1.80.x